theshit Command-Line Utility Improper Privilege Management Vulnerability Allowing Local Privilege Escalation
Vulnerability
A local privilege escalation vulnerability has been identified in the theshit command-line utility in versions prior to 0.2.0. The issue arises from improper handling of privileges when the application automatically retries previously failed commands. When executed with elevated rights, theshit fails to revert to the original user context before re-executing commands, allowing unprivileged users to gain root access by manipulating the command execution process. This vulnerability is particularly concerning in environments where theshit is allowed to run with sudo, especially with NOPASSWD configurations.
Impact
Exploitation of this vulnerability allows for arbitrary command execution with root privileges.
Reproduction
To reproduce this vulnerability, execute the theshit utility with sudo, simulating a command failure by setting the SH_PREV_CMD environment variable. The tool will attempt to re-execute the command with elevated privileges, bypassing normal user restrictions.
Remediation
Users are advised to upgrade to version 0.2.0, where this vulnerability has been fixed. If an upgrade is not possible, theshit should be run as an unprivileged user, and its use in privileged contexts should be restricted.
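To find where the tool is still permitted in a privileged context, the sudoers policy can be audited for rules that grant it, with NOPASSWD grants reported separately. The following is an added example, not code from the advisory or from the theshit project; the install paths, user names and sample policy are constructed, and the parser covers only a simplified subset of sudoers syntax (one Cmnd_Alias per line, no User_Alias expansion).

```python
import re

TOOL = "theshit"  # binary name from the advisory; install paths below are assumed
# Constructed sudoers content for the demonstration (not from the advisory).
SAMPLE = r"""
Defaults env_reset
Cmnd_Alias FIXERS = /usr/local/bin/theshit, /usr/bin/less
root    ALL=(ALL:ALL) ALL
alice   ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, \
            /usr/local/bin/theshit
bob     ALL=(ALL) /usr/local/bin/theshit fix
%ops    ALL=(root) NOPASSWD: FIXERS
carol   ALL=(root) /usr/bin/theshit-report
"""

def logical_lines(text):
    """Join backslash continuations; drop blanks, comments and Defaults."""
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "Defaults")):
            yield line

def runs_tool(cmd, aliases):
    """True if a command entry, or the Cmnd_Alias it names, runs TOOL."""
    if cmd in aliases:
        rest = {k: v for k, v in aliases.items() if k != cmd}
        return any(runs_tool(c, rest) for c in aliases[cmd])
    words = cmd.split()  # "!cmd" is a deny entry, so it is never a grant
    return bool(words) and cmd[0] != "!" and words[0].rsplit("/", 1)[-1] == TOOL

def audit(text):
    """Return (who, command, nopasswd) for every rule that grants TOOL.
    A bare ALL is not reported: that user is already fully privileged."""
    lines, aliases, findings = list(logical_lines(text)), {}, []
    for line in lines:
        if m := re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line):
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    for line in lines:
        if re.match(r"\w+_Alias\s", line) or "=" not in line:
            continue
        who_host, spec = line.split("=", 1)
        nopasswd = False  # tags are sticky across the comma-separated list
        for entry in re.sub(r"\([^)]*\)", "", spec).split(","):  # drop (runas)
            tags, cmd = re.match(r"\s*((?:[A-Z_]+:\s*)*)(.*)", entry).groups()
            for tag in re.findall(r"[A-Z_]+", tags):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
            if runs_tool(cmd.strip(), aliases):
                findings.append((who_host.rsplit(None, 1)[0], cmd.strip(), nopasswd))
    return findings
```

Pass `audit()` the contents of `/etc/sudoers` and of each file under `/etc/sudoers.d`; every returned tuple is a rule to remove or to re-check once version 0.2.0 is installed.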
